The director of facilities at the Woodruff Arts Center in Atlanta pleaded guilty in April 2013 to embezzling more than $1.1 million from the nonprofit. According to the Federal Bureau of Investigation, former employee Ralph Clark stole the money from the visual and performing arts center by submitting invoices for bogus expenses, picking the checks up in person, and then depositing them into accounts over which Clark had signatory authority.
Limited staff, tight operating budgets, and a trusting nature have helped to make nonprofits attractive targets for criminals, according to accountants and other fraud investigators. In fact, hundreds of millions of dollars of assets have been illegally diverted from nonprofits — $170 million alone in 2009 — according to an October 2013 story in The Washington Post covering the years 2008 to 2012.
Fraud can be difficult to detect, especially if higher-ups are involved. There are some “red flags” that can serve as early indicators that something’s wrong.
“Splitting up responsibilities among multiple people — with each serving as a check or balance on the other — is a basic form of internal control,” said Nidhi Rao, a director in the Greater Washington, D.C., office of BDO Consulting. “Nonprofits tend to have relatively small staffs, so it can be a challenge to find enough employees to segregate duties in an adequate manner. This can be a big problem,” she said.
Bank reconciliations that aren’t being done in a timely manner could be a red flag for fraud, she noted.
“Another red flag is when one person has control over disbursements with no oversight,” she added. “In one case we discovered that an executive director at a nonprofit was able to improperly charge about $1 million of personal expenses to a corporate credit card because there were no monitoring processes in place.”
Her advice: “Get creative. Management should identify creative compensating control solutions to address the risk of fraud when duties cannot be adequately segregated. The board of directors and senior management of the organization should also take steps to ensure that appropriate tone at the top is established and that employees have a venue to anonymously report their concerns and issues.”
Verifying the integrity of the basic books and records can help to prevent or detect fraud, according to Jerry O’Neil, a partner in the New York City office of accounting firm O’Connor Davies.
While the books contain numerous transactions, he explained, the numbers can be changed or adjusted by journal entries to the general ledger. “So it is important that all journal entry postings should be reviewed and approved by responsible parties.”
Accountability and good governance procedures — including written “whistleblower” and conflicts of interest policies — can also help.
“Internal controls, and policies and procedures should be periodically reviewed to ensure they’re up to date and are functioning as intended,” O’Neil said. “Employees at all levels should be encouraged to report improper practices without fear of improper retaliation.”
Even some simple, common-sense steps can make a difference. Change passwords on a periodic basis to reduce the risk of improper access, O’Neil suggested. “And you want to preserve an audit trail of transactions, so data records should be backed up daily or weekly and stored offsite. Those backed up records should be tested periodically to ensure their integrity,” he said.
Internal and external auditors should be on the lookout for “the fraud triangle” of opportunity, rationalization and pressure, said Mark Oster, New York City-based national managing partner for Grant Thornton’s Not-for-Profit and Higher Education practices.
“When an opportunity, such as weak internal controls, combines with pressure, such as personal financial problems or unrealistic performance compensation demands, some individuals will rationalize fraud, perhaps by convincing themselves that they’re not being rewarded in a fair manner,” said Oster. “We’ve also seen situations where a high-level executive creates a culture of fear, and will routinely bypass internal controls without being challenged. This creates a climate where fraud can flourish.”
Situations like that call for extra vigilance, he added. “The trail of red flags can include altered documents, or inventory shortages like missing laptops or other portable assets,” Oster said. “Also look for employees who appear to be living beyond their means.”
Carefully reviewing documents can turn up discrepancies, such as invoices from different vendors that bear the same invoice number, or check numbers issued from Accounts Payable that are out of sequence.
“Analytic software can be used to catch a lot of these conditions,” he added. “Vendor addresses can also be compared with the home addresses of employees and board members. If they match, you could have a situation where individuals are using their own company to overbill the nonprofit for goods and services.”
Old or “stale” accounts receivable balances should set off alarms, according to Kelly Frank, a partner with the firm CohnReznick and its Not-for-Profit and Education Industry practice leader based in Roseland, N.J.
“If we see receivables that are open for more than 90 days, we’ll ask why,” she said. “Sometimes we’ll get a reasonable answer, but sometimes there’s hesitancy and we’ll look deeper. We also look at Accounts Payables and test to see if there’s proper approval, and that voids and credit memos are being approved and monitored on a proper basis. If we see a lot of ins and outs in the general ledger, we’ll dig deeper.”
Even something as seemingly minor as a lack of a “thank you” letter can indicate something’s amiss.
“A nonprofit’s gift acceptance policy should be reviewed periodically,” said Frank. “If donors are not getting receipts and acknowledgements for their contribution, it could mean that the donations are being misdirected into someone else’s account. There are many ways to commit fraud, but there are also many ways to detect it.” E
Martin Daks is a freelance business writer based in Bethlehem Twp., Pa., and a regular contributor to The NonProfit Times.